* Kick other session when changing password
Invalidate other sessions when a user password gets changed
* Don't logout admin users when they change passwords.
Cleanup phpstan exceptions
* only restore user if needed
* comment odd behavior
* $current_user typehint
* Improvements to SSO Authorization and logout handling
Changes:
* Adds support for a default access level in the SSO authorization
plugin when group mapping is enabled.
* Restore functionality of the auth_logout_handler configuration option,
allowing the user to be redirected to a configured URL to complete
logout from an external IdP.
* Documentation and test coverage updates
* Set sso.static_level to 0 in AuthSSOTest:testGroupParsing()
* Simplify implementation to use default values in Config::get()
* Remove $debug global
and $vdebug global
makes these variables more accessible and protects from collisions.
* the on boot set sends application as the first parameter, just handle that
* Relocate other debug related functions
* Log debug to stdout
* Wrong output
* remove stupid constants
* Fix lint and style issues
* Fixes issues with binding and authenticating users in nested groups
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* re-instated the user group check for nested groups after identifying the real issue in ActiveDirectoryAuthorizer.php
added fix for special characters in group checker in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* fix for styleci/pr issues in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* further fixes for styleci/pr in ActiveDirectoryAuthorizer.php
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* fixed return value from userExists in ActiveDirectoryAuthorizer to return boolean instead of integer
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* fix for styleci/pr issues
Signed-off-by: Patrik Forsberg <git@paddyonline.net>
* cleanup
* don't use boolval on int...
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Device group based access
* Use Permissions class to resolve permissions
Also give port access based on device access
* Convert more pages to use Permissions class
* shorten config setting name
use Eloquent relationships in several places
alphabetize config_definitions.json
* Change Models and Permissions
* Clean up ajax_search LIMIT sql
* Convert more pages to use Permissions class
Co-authored-by: Tony Murray <murraytony@gmail.com>
* Add option to authenticate user independtly of OU
* Set config option in webui
* Compatibility with bind username option
* ran ./lnms translation:generate
* update doc
* user deactivation feature
* update db_schema.yaml
* travis fix
* readd sqlfile with alter statement
* ..
* revert force push
* combine all queries
* fix query
* user enable/disable only visible on mysql authorization
* Update form.blade.php
* Update index.blade.php
* disable 'enabled' on own profile
* bootstraping checkboxes
* Remove $_SESSION usage, except install
Fixes issue with device debug capture
Removes secure_cookies setting, use the .env variable SESSION_SECURE_COOKIE instead. Reminder secure cookies requires cookies are transported over https, if everything is already transported via https, the setting won't make a difference.
* Fix availability map controls
* Refactor tests
Boot Laravel for all tests.
Config use private static property for storage instead of global
* Backup/restore modules
* disable snmpsim log
* Fixing DBTestCase
* Fix macros loading to the wrong place
* trap and other tests should check if db is available
* don't include snmp.inc.php if mock.snmp.inc.php is already included...
* fix migration
* if we don't reset the db, run migrations at least.
* set vars for migrate too
* Fix style
* ignore issues with undefined indexes in legacy code
* Remove auth use of $_SESSION
Will break plugins that depend on $_SESSION, Weathermap was already fixed.
Port them to use Auth::check()/Auth::user()/Auth:id()
* revert accidental replacement
* Modification of the getUserlist fonction to use ldap filter
* Modification of the getUserlist fonction to use ldap filter V2
* documentation of auth_ldap_Userlist_filter option
* documentation of auth_ldap_Userlist_filter option V2
* Allow filtering of getUserlist LDAP function
* Support for system APP_LOCALE
* Start preferences re-write
* port 2fa form
* Working user preferences
* Language user preference
* Don't look up locale from the DB every request
* Device list working
* Deny demo user middleware
* Finish password changing
* remove used resource methods
* remove leftover use
* warn that translation is incomplete
* fix style
* Reorganize trap tests
* Testing db DRIVER to prevent .env from interfering
* New code to detect if Laravel is booted. Hopefully more reliable.
* WIP external test process
* revert module test helper
* Use .env in Eloquent::boot()
* Fix test database settings loading
* fix undefined classes
(didn't find the one I needed)
* Fix incorrect Config usages
And RrdDefinition return type
* fix .env loading
* use the right DB
* slightly more accurate isConnected
* Move db_name to DBSetupTest specifically
* restore $_SERVER in AuthSSOTest
* missed item
* WIP
* tear down in the correct order.
* some testing cleanups
* remove check for duplicate event listener, it's not working right
* Don't need this change anymore
* Implement Log::event to replace legacy function log_event()
* fix port tests
* fix up tests
* remove pointless TrapTestCase class
* fix style
* Fix db config not being merged...
* skip env check for tests
* defer database operations until after Laravel is booted.
* don't include dbFaciale...
* redundant use
* Reorganize trap tests
* Testing db DRIVER to prevent .env from interfering
* New code to detect if Laravel is booted. Hopefully more reliable.
* WIP external test process
* revert module test helper
* Use .env in Eloquent::boot()
* Fix test database settings loading
* fix undefined classes
(didn't find the one I needed)
* Fix incorrect Config usages
And RrdDefinition return type
* fix .env loading
* use the right DB
* slightly more accurate isConnected
* Move db_name to DBSetupTest specifically
* restore $_SERVER in AuthSSOTest
* missed item
* WIP
* tear down in the correct order.
* some testing cleanups
* remove check for duplicate event listener, it's not working right
* Don't need this change anymore
* Implement Log::event to replace legacy function log_event()
* fix port tests
* fix up tests
* remove pointless TrapTestCase class
* fix style
* Add lnms user:add command
Uses events to mark past notifications as read (even for non-manually added users)
* Filter out previous options from auto-completion
* use validation to check cli input
* Warn if using other auth
* abstract LnmsCommand
* Use setPassword helper for hashing instead of mutator
* Extract validation function
* AD Authorization fixes
Remove mres() and $_SESSION usage.
Remove broken addUser function and use Mysql addUser.
* AD Authorization fixes
Remove mres() and $_SESSION usage.
Remove broken addUser function and use Mysql addUser.
Extract common AD auth code to ADUtils
* AD Authorization fixes
Remove mres() and $_SESSION usage.
Remove broken addUser function and use Mysql addUser.
Extract common AD auth code to ADUtils
* Send no user info to log instead of toast.
* Remove commented code
* add abstract getConnection() method that is required.
* Actually return the value
* Fix AD auth with large SID components
Per http://php.net/manual/en/function.unpack.php unpack on 32bit will convert large unsigned long values into signed long values, so we check for PHP_INT_SIZE and fix them up if necessary.
* Fix indentation
* First attempt at ldap-auth fixes
* no, guest, so it is not allowed.
* cast to int
* don't count on Session
* return full user
* Specific error for guest not allowed.
* fix up external auth user creation
* fix check
* Fix user level missing
Simplify middleware
* use guard if configured
* Fix API auth issues
Api access page now creates tokens with the correct ID.
Correctly creates users for legacy user tokens.
Fix Ldap comparison
Laravel Util class to make code easier to access/read
* More api access page fixes
* fix style
* Use Laravel for authentication
Support legacy auth methods
Always create DB entry for users (segregate by auth method)
Port api auth to Laravel
restrict poller errors to devices the user has access to
Run checks on every page load. But set a 5 minute (configurable) timer.
Only run some checks if the user is an admin
Move toastr down a few pixels so it isn't as annoying.
Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user.
Add two missing menu entries in the laravel menu
Rewrite 2FA code
Simplify some and verify code before applying
Get http-auth working
Handle legacy $_SESSION differently. Allows Auth::once(), etc to work.
* Fix tests and mysqli extension check
* remove duplicate Toastr messages
* Fix new items
* Rename 266.sql to 267.sql
Allow to use full DN as value for member attribute instead of member: username
I dont use LDAP so this should be tested with both methods.
For using fulldn as user `$config['ldap_auth_userdn'] = true;` must be set in config.php
This comes from https://community.librenms.org/t/feature-request-full-dn-as-group-member-attibute-in-ldap-auth/4805
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [ x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
